michael/webmin
1
0
Fork 0
mirror of https://github.com/webmin/webmin.git synced 2026-05-04 22:30:33 +01:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Escape id parameter, which could contain XSS

Browse Source
This commit is contained in:
Jamie Cameron
2014-03-18 21:15:16 -07:00
parent 8987b0c362
commit 52a86fd764
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
inittab/index.cgi
View File

@@ -22,7 +22,8 @@ print &ui_columns_start([ "",
100, 0, \@tds);
foreach $i (&parse_inittab()) {
local @cols;
push(@cols, &ui_link("edit_inittab.cgi?id=".$i->{'id'}, &html_escape($i->{'id'})) );
push(@cols, &ui_link("edit_inittab.cgi?id=".&urlize($i->{'id'}),
&html_escape($i->{'id'})) );
push(@cols, $i->{'comment'} ? "<font color=#ff0000>$text{'no'}</font>"
: $text{'yes'});
local @rls = @{$i->{'levels'}};